Download Allied Telesis AR750S-DP User's Manual
Transcript
Software Maintenance Release Note Version 281-02 for AR750S, AR750S-DP, AR770S, AR415S, AR450S and AR44xS series routers, and AT-8600 series switches This software maintenance release note lists the issues addressed and enhancements made in Maintenance Version 281-02 for Software Version 2.8.1. Version details are listed in the following table: Models Series Release File Date Size (bytes) GUI file AR415S, AR440S, AR441S, AR442S, AR450S AR400 54281-02.rez 5 September 06 4673896 415s_281-02_en_d.rsc 440s_281-02_en_d.rsc 441s_281-02_en_d.rsc 442s_281-02_en_d.rsc 450s_281-02_en_d.rsc AR750S, AR750S-DP, AR770S AT-8624T/2M, AT-8624PoE, AT-8648T/2SP AT-8600 55281-02.rez 5 September 06 3936164 750s_281-02_en_d.rsc (AR750S and AR750S-DP) sr281-02.rez 5 September 06 2251144 sr24_281-02_en_d.rsc Caution: Using a maintenance version on the wrong model may cause unpredictable results, including disruption to the network. This maintenance release note should be read in conjunction with the following documents: ■ the Release Note for Software Version 2.8.1, available from www.alliedtelesyn.co.nz/documentation/relnotes/relnotes.html ■ your router or switch’s Document Set for Software Release 2.8.1. This document set is available on the CD-ROM that shipped with your router or switch, or from www.alliedtelesyn.co.nz/documentation/documentation.html Caution: Information in this release note is subject to change without notice and does not represent a commitment on the part of Allied Telesis Inc. While every effort has been made to ensure that the information contained within this document and the features and changes described are accurate, Allied Telesis Inc. can not accept any type of liability for errors in, or omissions arising from the use of this information. Enabling and Installing this Release 2 Enabling and Installing this Release To use this maintenance release you must have a base release license for Software Release 2.8.1. Contact your distributor or reseller for more information. To enable this release and install it as the preferred release, use the commands: enable rel=xx281-02.rez num=2.8.1 set install=pref rel=xx281-02.rez where xx is the prefix to the filename, as shown in the table on page 1. For example, to install the release on an AR440S router, use the commands: enable rel=54281-02.rez num=2.8.1 set install=pref rel=54281-02.rez Levels Some of the issues addressed in this Maintenance Version include a level number. This number reflects the importance of the issue that has been resolved. The levels are: Level 1 This issue will cause significant interruption to network services, and there is no work-around. Level 2 This issue will cause interruption to network service, however there is a work-around. Level 3 This issue will seldom appear, and will cause minor inconvenience. Level 4 This issue represents a cosmetic change and does not affect network operation. Version 281-02 C613-10482-00 REV B Features in 281-02 3 Features in 281-02 Software Maintenance Version 281-02 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” in a white column indicates that the resolution is available in Version 281-02 for that product series. ■ “-” in a white column indicates that the issue did not apply to that product series. ■ a grey-shaded column indicates that Version 281-02 was not released on that product series. AT-9900 AT-9800 For PIM on IPv6, if the interface that was being used as the BSR candidate address went down, the network occasionally did not re-elect a BSR and the RPs in a timely manner. This could cause the router or switch to reboot. AT-8948 / x900-48 1 AT-8700XL PIM 6 AT-8600 CR00006040 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR AR400 Level 1 Y - Y - - - - - - - - - - - - Y - - - - - - - - - Y - - - - Y - Y - - Y - - - - This issue has been resolved. CR00007273 Switch 1 If a user created a configuration file that contained port trunk settings before VLAN port settings, then a loop occurred when the switch rebooted with this configuration. This issue has been resolved. CR00013457 VLAN 1 When ports were added to a currently-disabled RSTP domain, the ports could start to discard packets (because their STP state was set to Discarding). This issue has been resolved. When ports are added to a disabled RSTP domain, they remain in a Forwarding state. CR00013492 OSPF 1 When route filters (made with the command add ip route filter) were used to filter OSPF routes, it was possible for OSPF to constantly remove and re-create an AS-External LSA. This could prevent OSPF sessions from establishing. This issue has been resolved. Version 281-02 C613-10482-00 REV B AT-9900 AT-9800 When a BRI or PRI PIC was installed on the router, an issue with internal memory handling occasionally caused the router to reboot. AT-8948 / x900-48 1 AT-8700XL Core AT-8600 CR00013736 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 4 AR400 Features in 281-02 Y - Y - - - - - - - - - - - - Y - - - - This issue has been resolved. CR00013743 Switch 1 If a user created a configuration file that contained LACP settings and VLAN port settings, then a loop occurred when the switch rebooted with this configuration. This issue has been resolved. AT-8948 / x900-48 AT-9900 AT-9800 For PIM on IPv6, RPSet information did not expire correctly when all RP candidates had expired. AT-8700XL 2 AT-8600 PIM 6 AT-8800 CR00010452 Description Rapier i Level AR750S / AR770S Module AR7x5 CR AR400 Level 2 Y - Y - - - - - - - Y - Y - - - - - - - Y - Y - - - - - - - This issue has been resolved. CR00010593 IPv6 2 The router or switch sometimes forwarded packets to directly connected hosts whose corresponding IPv6 ND cache entry was still in INCOMPLETE state. This caused it to send the packets to incorrect MAC addresses and egress ports. This issue has been resolved. CR00012407 STAR 2 When the STAR protocol was used for link-layer encryption, the channel setup failed continuously on heavy traffic. This issue has been resolved. Version 281-02 C613-10482-00 REV B AT-9900 AT-9800 If IGMP snooping was enabled but IGMP was not enabled, the snooper behaved as if IGMP snooping fast leave had been enabled even when it had not been. This meant that as soon as the snooper received a Leave message, the port left the group. AT-8948 / x900-48 2 AT-8700XL IGMP AT-8600 CR00012476 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 5 AR400 Features in 281-02 Y - Y - - Y - - - - - - - - - Y - - - - - - - - - Y - - - - - - - - - Y - - - - Y - - - - - - - - - This issue has been resolved. Note that fast leave is disabled by default. CR00012657 STP 2 When STP was operating with a large number of VLANs in the same STP region, the switch sometimes rebooted while processing topology change notifications (TCNs). This issue has been resolved. CR00012741 Core, File, Stack 2 The command create config=filename set did not copy the configuration file to all switches in the stack, but only saved the file onto the current switch. This issue has been resolved. CR00013081 Switch, STP 2 When STP was enabled on ports in a trunk group, the non-master ports did not have the same state as the master port in the switch’s hardware STG table. This could, on rare occasions, create a broadcast storm. This issue has been resolved. All ports in a trunk group follow the master port in the hardware STG table. CR00013128 ATM 2 When connected to some types of DSLAMs, the router could reboot due to a reception error on the SHDSL EOC channel. This issue has been resolved. Version 281-02 C613-10482-00 REV B AT-9900 AT-9800 It was possible in unusual circumstances for the OSPF link state retransmission list to grow to a large number. This caused the router or switch to reboot. AT-8948 / x900-48 2 AT-8700XL OSPF AT-8600 CR00013359 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 6 AR400 Features in 281-02 Y - Y - - Y - - - - Y - Y - - - - - - - This issue has been resolved. CR00013390 WAN Load Balancer 2 It was possible in unusual circumstances for the router to run out of memory after a WAN load balancer session was added. This could cause the router to reboot or to stop processing packets. This issue has been resolved. AT-9900 AT-9800 When a user entered the command show file=switch.ini, the switch previously could have displayed invalid content or an error message. AT-8948 / x900-48 3 AT-8700XL Core AT-8600 CR00003657 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR AR400 Level 3 - - - - - - - - - - Y - Y - - - - - - - This issue has been resolved. CR00010345 Firewall 3 When the HTTP proxy URL filter had entries that allowed certain domains and also had entries that denied certain keywords, the supposedly-allowed domains were denied if they contained the denied keywords. The proxy allowed the page /index.html from such domains, but no other pages. This issue has been resolved. The proxy no longer checks allowed domains against the keyword list. Version 281-02 C613-10482-00 REV B AT-9900 AT-9800 When the router or switch sent a RADIUS accounting STOP packet, the packet’s Acct-Session-Time was always zero, no matter how long the session had been active for. AT-8948 / x900-48 3 AT-8700XL Core AT-8600 CR00011710 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 7 AR400 Features in 281-02 Y - Y - - - - - - - Y - Y - - - - - - - This issue has been resolved. CR00013060 IPv6 3 Previously, if IPv6 had a dynamic Neighbour Discovery cache entry for a particular IPv6 address, it prevented users from adding a static entry for the same IPv6 address. This issue has been resolved. Users can now overwrite dynamic Neighbour Discovery cache entries with static entries. CR00013117 IPv6, PIM, PIMv6 3 A router or switch running PIM6 occasionally rebooted in certain network topologies when links were very busy. The circumstances that caused this crash are very unusual, but the code has been made more robust to cope with them. Y - Y - - - - - - - CR00013162 ISAKMP 3 When heartbeats fail for an ISAKMP SA, the router or switch (correctly) removes the ISAKMP SA and any IPsec SAs that were created by the ISAKMP SA. It then sends delete messages to notify the peer, so that the peer can also remove the relevant IPsec SAs. Y - Y - - - - - - - Y - Y - - - - - - - However, if heartbeats failed just after a re-negotiation, and only failed for the new ISAKMP SA, then the router or switch did not send delete messages for any IPsec SAs that were also removed. This could mean that encrypted traffic sent from the peer was lost. This issue has been resolved. If heartbeats fail, the router or switch now correctly sends the peer device a delete message for any removed IPsec SAs. CR00013220 ISAKMP 3 Previously, if an ISAKMP policy was configured with set isakmp policy=name prenegotiate=true and the peer was unresponsive, then at start-up the router or switch sent fewer ISAKMP message retransmissions than the configured msgretrylimit value. This issue has been resolved. Version 281-02 C613-10482-00 REV B AT-9900 AT-9800 When an RTSP media stream, using TCP as the transport protocol, was passing through the firewall, then the session could stall if some packets were retransmitted with different sequence numbers to the original transmission. AT-8948 / x900-48 3 AT-8700XL Firewall AT-8600 CR00013415 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 8 AR400 Features in 281-02 Y - Y - - - - - - - Y - Y - - - - - - - - - - - - Y - - - - - - - - - Y - - - - Y - - - - - - - - - Y - - - - - - - - - This issue has been resolved. CR00013473 DVMRP 3 CR00013516 Values for some DVMRP settings (including ttlthreshold and metric) were not saved in the configuration file or output resulting from the commands create config and show config dynamic. If the router or switch rebooted, the values were not applied. This issue has been resolved. CR00013525 Stack 3 Different versions of the management stacking feature are not compatible with each other, which means that AT-9924Ts or x900-24XT series switches can only be stacked with other AT-9924Ts or x900-24XT switches. This software version includes checks to prevent incompatible software from being stacked. CR00013547 VLAN 3 When DHCP snooping was enabled on the router or switch, performing a walk of the MIB variables in that router or switch could result in incorrect termination of the walk. This was because certain SNMP packets were incorrectly interpreted as DHCP packets. This issue has been resolved. CR00013588 ATM 3 At low SHDSL bitrates, the EOC channel exhibited many spurious CRC errors. This issue has been resolved. CR00013672 ATM 3 An SNMP Walk of the ATM MIB would fail to complete properly, as it would not advance through the channel list. This issue has been resolved. Version 281-02 C613-10482-00 REV B AT-9900 AT-9800 The router or switch’s SSH server occasionally disconnected an SSH client because of a checksum error. This occurred because the server did not decrypt the SSH session key correctly. AT-8948 / x900-48 3 AT-8700XL SSH AT-8600 CR00013714 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 9 AR400 Features in 281-02 Y - Y - - Y - - - - - - Y - - - - - - - This issue has been resolved. CR00013757 Core 3 For AR750S-DP routers, the values of the fanAndPsPSUPresent MIB fields displayed incorrectly. They indicated that a PSU was present when one was not installed, and that it was not present when it was. This issue has been resolved. CR Module Level Description AR400 AR7x5 AR750S / AR770S Rapier i AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 Level 4 CR00001359 Eth, Bridge, Switch, LLDP, IP Gateway 4 For all Ethernet-like interfaces, the router or switch now uses an ifType value of ethernetCsmacd, instead of the deprecated value of iso88023Csmacd. Y - Y - - Y - - - - CR00013174 Asyn, Core, Log, Scripting, Show 4 The console port’s autobaud mode was determined incorrectly during start-up. This caused the router to unnecessarily reconfigure the console port for 9600 8N1 before printing any bootup messages. - - Y - - - - - - - This issue has been resolved. Version 281-02 C613-10482-00 REV B AT-8948 / x900-48 AT-9900 AT-9800 After OSPF deleted an AS-External LSA, it sometimes sent an unnecessary LSA with no changes. AT-8700XL 4 AT-8600 OSPF AT-8800 CR00013569 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 10 AR400 Features in 281-02 Y - Y - - Y - - - - This issue has been resolved. CR00013683 File 4 Japanese users can now delete the router or switch’s preferred software release and the current boot configuration file. For routers or switches that are manufactured for non-Japanese markets, users must first stop the files from being preferred, by setting new preferred files or by using the commands delete install=pref or set config=none. Y - Y - - Y - - - - CR00013767 Core 4 In Japan, AT-8624PoE switches are named 8624PS. Previously, 8624PS switches displayed AT-8624PoE as their board name in the output of the command show system. - - - - - Y - - - - This issue has been resolved. For Japanese switches only, the board name is now 8624PS. Version 281-02 C613-10482-00 REV B Features in 281-02 11 AT-8948 / x900-48 AT-9900 AT-9800 Previously, it was not possible to set the MTU for an ATM interface. AT-8700XL - AT-8600 ATM AT-8800 CR00013126 Description Rapier i Level AR750S / AR770S Module AR7x5 CR AR400 Enhancements Y - - - - - - - - - Y - Y - - - - - - - Y - Y - - Y - - - - This enhancement makes it possible to now do so. The MTU can be set to values between 256 bytes and 1600 bytes, inclusive. CR00013130 NAT-T, IPsec - This software version supports more versions of IPsec NAT-T. As well as the existing support for versions 2 and 8 of the NAT-T draft, the router now: ■ supports NAT-T draft version 3, as defined by draft-ietf-ipsec-nat-t-ike-03.txt. This version has also been implemented by SonicWALL in its EnhancedOS. ■ supports RFC 3947. This RFC has also been implemented in Linux’s Openswan, for example (www.openswan.org). ■ accepts and sends the IPsec draft version 2 Vendor ID string when the hash does not include a carrage return. Therefore it accepts and sends a hash of “draft-ietf-ipsec-nat-t-ike-02” as well as a hash of “draft-ietf-ipsec-nat-tike-02\n” ■ displays some other Vendor IDs in debugging information even though the router does not support these versions. Such Vendor IDs are followed by the phrase “info only”. CR00013444 IP Gateway - RIPv2 can now use authentication passwords that contain almost any printable character, including characters such as $, % and &. The ? character is interpreted as asking for parameter help, so this is not usable anywhere inside a password. Also, a password cannot contain double quotes (") as the first character of the string. The RIP password length is now strictly enforced at 16 characters. The command handler no longer accepts a password with more characters than this. Version 281-02 C613-10482-00 REV B AT-9900 AT-9800 The 4-wire support of SHDSL interfaces has been enhanced to provide support for a standards-based train-up mode as well as the existing enhanced train-up mode. AT-8948 / x900-48 - AT-8700XL SHDSL AT-8600 CR00013447 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 12 AR400 Features in 281-02 Y - - - - - - - - - Y - Y - - Y - - - - - - - - - Y - - - - This issue has been resolved. CR00013535 File - Previously, a user could rename the current boot configuration file (by using the command rename). This stopped the router or switch from running that configuration on boot-up, so if the router or switch restarted after the user had renamed the current boot configuration file, it started up with no configuration. This issue has been resolved. Users can no longer rename the current boot configuration file. CR00013677 Version 281-02 C613-10482-00 REV B PoE - This enhancement added support for the latest version of the PoE firmware (version 5.0.1), so that AT-8624PoE switches can be shipped from the factory with this firmware version. Features in 281-01 13 Features in 281-01 Software Maintenance Version 281-01 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 281-01 for that product series. ■ “-” indicates that the issue did not apply to that product series. AT-9900 AT-9800 If an AT-9924SP had a large number of SFPs installed and had a very high level of traffic passing through the network, sometimes newly inserted SFPs were not detected. AT-8948 / x900-48 1 AT-8700XL Switch AT-8600 CR00012654 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR AR400 Level 1 - - - - - - - - Y - Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved. CR00012715 DHCP 1 In some configurations in which the DHCP server was enabled, the router or switch compacted its flash memory frequently. This occurred because the DHCP server unnecessarily updated record files in flash memory even if the record had not changed. This issue has been resolved, so that DHCP records are only updated when necessary. Note that if the router or switch has NVS memory, it stores DHCP records in NVS by preference, instead of in flash memory. CR00012760 Log 1 Entering the command show debug caused the router or switch to reboot if one or more long messages existed in the log. This issue has been resolved. Version 281-02 C613-10482-00 REV B AT-9900 AT-9800 When STP is enabled on the switch but is disabled for a trunk (by using the command disable stp port), the trunk should pass traffic. Previously, some trunk members sometimes stayed in the “discarding” state instead. AT-8948 / x900-48 1 AT-8700XL Switch AT-8600 CR00012933 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 14 AR400 Features in 281-01 - - - - - - - Y Y - Y Y Y Y Y - - Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved. CR00013025 DVMRP 1 Receiving a DVMRP Graft or Prune message occasionally caused the router or switch to reboot. This issue has been resolved. CR00013413 IP Gateway, Load Balancer 1 If the router or switch was configured with a local interface IP address and the interface to which this address belonged did not have a logical interface with index 0, a number of connectivity issues from this router or switch occurred, in which the router or switch was not able to communicate with UDP, TCP or PING. This issue has been resolved. CR00013666 SSL 1 When the router or switch used SSL to process HTTPS traffic, it rebooted. This issue occurred, for example, when browsing securely to the GUI, or when the load balancer was configured to support HTTPS traffic. This issue has been resolved. Version 281-02 C613-10482-00 REV B Features in 281-01 15 AT-8948 / x900-48 AT-9900 AT-9800 The Bridge cannot be configured to bridge PPPoE packets from an Ethernet interface that has also been configured as a PPPoE interface. Previously, such a Bridge configuration would appear to succeed. However the Bridge would not bridge PPPoE packets and the router would restart when the command reset bridge was entered. AT-8700XL 2 AT-8600 Bridge AT-8800 CR00009212 Description Rapier i Level AR750S / AR770S Module AR7x5 CR AR400 Level 2 Y Y Y - - - - - - - - - - Y Y Y Y Y Y - Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y - - Y Y Y This issue has been resolved. Note: if you want to bridge PPPoE packets, do not also configure the router as a PPPoE endpoint (by using the command create ppp=number over=ethx-any). CR00009213 MSTP 2 Because of an MSTP issue, the switch did not always send a BPDU with an agreement flag to its designated bridge, even if the switch was synchronised with the latest spanning tree information from the designated bridge. This prevented the designated port on the designated bridge from making a fast transition to the forwarding state. The result was that the network could take up to two times the “forward delay” time to fully converge. This issue has been resolved. CR00009826 IP Gateway 2 When a static ARP is deleted, the router or switch sends out an ARP request to attempt to create a dynamic ARP for that IP address. Previously, the router or switch did not process the ARP response correctly and therefore did not add the ARP to its ARP table. This issue has been resolved. When a static ARP is deleted, the router or switch attempts to create a dynamic ARP for that IP address, and will successfully add it to the ARP table if a device responds. CR00010513 BGP, IP Gateway Version 281-02 C613-10482-00 REV B 2 BGP did not update its route table when a blackhole route changed in IP. This issue has been resolved. CR Module Level Description AR7x5 AR750S / AR770S Rapier i AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 16 AR400 Features in 281-01 CR00011434 File 2 The router or switch sometimes rebooted when copying a very large file (several Mbytes). This issue has been resolved by improving the copy process so that it uses fewer memory buffers. Y Y Y Y Y Y Y Y Y Y CR00011670 Switch 2 On x900-48 Series switches, when the switch used a DSCP map to remark packets, it did not mark the packets correctly. - - - - - - - Y - - Y Y Y Y Y - - Y Y Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved. CR00012364 IPv6 2 For IPv6, if there were multiple equal cost multipath (ECMP) static routes to a destination, and one or more links for the routes became inactive, the inactive route was sometimes still chosen for forwarding. This caused brief data delivery failure to the destination. This issue has been resolved. CR00012534 IP Gateway 2 If the router or switch received an IP packet that had been sent as an Ethernet broadcast, the router or switch responded as if the packet had been sent to its IP address, even when the packet was destined for a different IP address. In particular, the router or switch processed and responded to ICMP and TCP packets that were sent as Ethernet broadcasts to different IP addresses. These caused the router or switch to send ICMP echo responses or TCP reset packets. This issue has been resolved. Such Ethernet broadcast packets are generally not valid packets, so the router or switch now discards them. Version 281-02 C613-10482-00 REV B AT-9900 AT-9800 When the WAN load balancer was used with IP NAT (instead of firewall NAT), and an FTP session was established to a server on the public network, the router did not correctly establish a return session. This meant data was unable to flow correctly back from the server, and the router rebooted. AT-8948 / x900-48 2 AT-8700XL Firewall AT-8600 CR00012613 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 17 AR400 Features in 281-01 Y - Y - - - - - - - Y Y Y Y Y Y Y Y Y Y - - Y - - - - - - - This issue has been resolved. Note that the WAN load balancer is not designed for use with IP NAT, because IP NATs are not associated with interfaces. Configurations that use an IP NAT cannot vary the global IP address (the gblip parameter) based on the outgoing interface, so the WAN load balancer sends all traffic out with the same source address. Therefore, the return traffic probably comes back via the WAN load balancer resource that is associated with the global IP. The impact is that the WAN load balancer balances the outgoing traffic but not the return traffic. We recommend using firewall NAT instead of IP NAT with the WAN load balancer. CR00012624 VRRP, IP Gateway 2 Under certain network conditions in which VRRP entities become temporarily unsynchronised, the router or switch could receive a gratuitous ARP from a selfelected VRRP master when the router or switch was still the master. This caused the existing master to create an ARP entry that incorrectly redirected packets towards the other VRRP entity even after the other entity had become a slave again. This issue has been resolved. The router or switch no longer accepts gratuitous ARPs from other VRRP entities while it is still the Master. CR00012683 Switch 2 After the AR770S rebooted, the Port Link/Activity and Duplex/Collision LEDs sometimes did not blink in response to activity and collisions, respectively. This issue has been resolved. The router detects the problem and recovers from it, if possible. If it cannot recover from the problem, it generates a log message of severity 6, module SWK, type REST, and subtype FAIL. The log message says “An LED error has been detected, please power-cycle the device. If this message appears again, contact your technical support representative for help.” Version 281-02 C613-10482-00 REV B AT-8948 / x900-48 AT-9900 AT-9800 Decrypting a large IPsec ESP packet sometimes caused the router or switch to reboot. AT-8700XL 2 AT-8600 IPsec, ENCO AT-8800 CR00012697 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 18 AR400 Features in 281-01 Y Y Y Y Y - - - - - This issue has been resolved. CR00012710 Core 2 Soft errors can generate exceptions that would cause the router or switch to reboot. Soft errors are spontaneous changes in the information stored in a digital circuit, caused by physical effects. The router or switch’s handling of such errors has been improved, so that it recovers without rebooting when possible. - - Y - - - - - - - CR00012741 Core, File, Stack 2 The command create config=filename set did not copy the configuration file to all switches in the stack, but only saved the file onto the current switch. - - - Y Y Y Y Y Y - Y Y Y Y Y Y Y Y Y Y - - - - - - - Y - - - - - Y Y Y Y Y Y Y This issue has been resolved. CR00012757 OSPF 2 The router or switch correctly accepted the command add ospf redistribution protocol=static followed by the command set ospf asexternal=on or nssa. However, the command create config did not create a valid configuration file from these commands. If the router or switch used that configuration after a reboot, it gave the error “Redistribution for specified routing protocol - already exists” and did not use the user-defined redistribution definition. This issue has been resolved. The router or switch now correctly saves and uses the user-defined redistribution definition. CR00012820 DHCP Snooping, 2 Switch CR00012821 IP Gateway When the switch had two DHCP snooping classifiers applied across all 48 ports, and maxleases was set to 10 or more on each port, the switch rebooted. This issue has been resolved. 2 When adding, deleting or updating subnet routes of a more general route, the software and hardware IP route tables sometimes became unsynchronised. The same issue sometimes also occurred when updating ECMP routes. This could cause the router or switch to forward packets to unexpected next hops. This issue has been resolved. Version 281-02 C613-10482-00 REV B AT-8948 / x900-48 AT-9900 AT-9800 The following issues occurred with sending log messages to an asynchronous port: AT-8700XL 2 AT-8600 ASYN, Log AT-8800 CR00012846 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 19 AR400 Features in 281-01 Y Y Y Y Y Y Y Y Y Y - - - - - - - Y Y - ■ The log messages output on an asynchronous port were corrupt. ■ When log messages were output to an asynchronous port, that port was (correctly) locked. However, the port remained locked after the asynchronous log output definition was destroyed, and after the log output's destination was changed from asynchronous to something else. ■ It was possible for a user to change the log output destination to an asynchronous port while the user was logged into the asynchronous port. This resulted in the user losing access to the command line interface. ■ It was possible to create a log output definition with an asynchronous port as the destination even when another user was logged into that asynchronous port. This resulted in the other user losing access to the command line interface. ■ If a user changed the log output destination to an asynchronous port and specified invalid parameters in the command, an error message was displayed but the new output destination was saved anyway. ■ The set command allowed a user to specify an asynchronous port as the destination without specifying the asynchronous port number. The number defaulted to asyn0, which may not have been the desired port. These issues have been resolved. CR00012855 Core 2 If the switch was rebooted at a time when there was a high level of packet traffic between the switch ports and the switch CPU, then during the reboot process it was possible for RAM test errors to occur. This issue has been resolved. Version 281-02 C613-10482-00 REV B AT-8948 / x900-48 AT-9900 AT-9800 Entering the command create enco key=number ip=? caused the router or switch to reboot. AT-8700XL 2 AT-8600 ENCO AT-8800 CR00012868 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 20 AR400 Features in 281-01 Y Y Y Y Y Y Y Y Y Y - - - - - - - Y Y - Y - Y - - - - - - - Y Y Y Y Y - - Y Y Y Y Y Y - - - - - - - Y - - - - - - - - - This issue has been resolved. CR00012900 IPv6, Switch 2 When an IPv6 accelerator card was installed, IPv6 multicast traffic was flooded to all ports in a downstream VLAN, whether or not they had joined the multicast group. This issue has been resolved. CR00012911 Switch, VLAN, User 2 Under very rare circumstances, memory corruption could occur when packets were transmitted by the CPU out a switch port. This issue has been resolved. CR00012951 IPv6 2 RIPng (for IPv6) sometimes sent sub-optimal routes to its neighbours. When RIPng was configured in a network with loop topology, this could cause unstable routing table entries on the neighbours (the metric kept being updated, as a result of updates from neighbours). This issue has been resolved. RIPng no longer sends sub-optimal routes. CR00012952 Bridge 2 If a tagged packet was bridged out of a VLAN interface, the interface always added a VLAN tag into the packet, even though the packet was already tagged. This issue has been resolved. CR00012991 Version 281-02 C613-10482-00 REV B ATM 2 The maximum allowed value of the vpi parameter in the commands add and set atm channel has been increased from 8 to 15. AT-9900 AT-9800 When EPSR is enabled, it creates a classifier so it can send EPSR packets to the CPU for processing. Previously, if too many classifiers existed and therefore EPSR could not create the classifier, EPSR was enabled anyway. However, it did not work correctly. AT-8948 / x900-48 2 AT-8700XL EPSR, Switch AT-8600 CR00013003 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 21 AR400 Features in 281-01 - - - - - - - Y Y - Y Y Y Y Y - - Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y - - - - - - - Y Y Y Y Y - - Y Y Y This issue has been resolved. Now, if EPSR cannot create the classifier, an error message displays and EPSR is not enabled. CR00013077 IPv6 2 When an IPv6 address was deleted on the router or switch, and that IPv6 address had previously been learnt by a remote IPv6 node, then the router or switch would reboot if it received an ICMPv6 Neighbour Solicitation message from the remote node. This meant, for example, that if you successfully pinged an address on the router or switch, then deleted that address, then attempted to ping the old address again, the router or switch would reboot. This issue has been resolved. CR00013234 IP Gateway 2 If the router or switch attempted to email log output, and used a domain name server that gave a non-standard response to the DNS query, the router or switch sometimes rebooted. This issue has been resolved. CR00013276 UPnP 2 In UPnP, Msearch requests were stored indefinitely, which eventually exhausted the router’s memory and caused it to reboot. This issue has been resolved. Msearch requests are now deleted once the router has finished with them. CR00013309 L2TP 2 When an L2TP LAC Client (for example, a Microsoft Windows XP VPN Client) activated an L2TP tunnel to a router or switch that was operating as an LNS, the dynamic PPP interface on the LNS left out the PPP authentication phase. This also prevented the interface from obtaining an IP address by remote IP assignment from a User Database entry. This issue has been resolved. Version 281-02 C613-10482-00 REV B AT-9900 AT-9800 The switch correctly accepted a changed ring flap time (the commands create or set epsr ringflaptime). However, if the command create config was used to save the configuration and the switch used that configuration after a reboot, EPSR failed. AT-8948 / x900-48 2 AT-8700XL EPSR AT-8600 CR00013407 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 22 AR400 Features in 281-01 - - - - - - - Y Y - Y Y Y Y Y - - Y Y Y This issue has been resolved. CR00013529 PIMv6 2 When the router or switch used PIM for multicast routing, and an IPv6 multicast client joined a group, then left it, then attempted to rejoin it, sometimes the attempt to rejoin was not successful. This issue has been resolved. AT-9900 AT-9800 Editing a text file that consisted of a very large number of lines (approaching or exceeding 30,000 lines) caused the router or switch to reboot. AT-8948 / x900-48 3 AT-8700XL TTY AT-8600 CR00008766 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR AR400 Level 3 Y - Y - - - - Y Y - Y Y Y Y Y Y Y Y Y Y This issue has been resolved. CR00011444 Asyn 3 If information was sent to a console (asyn) port that had no cable plugged into it, excessive CPU usage occurred. This issue has been resolved. Version 281-02 C613-10482-00 REV B CR Module Level AR7x5 AR750S / AR770S Rapier i AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 23 AR400 Features in 281-01 CR00012309 WAN load balancer 3 WAN load balancer performance has been improved, especially through improvements to the session hashing mechanism. Y - Y - - - - - - - CR00012468 OSPF 3 An OSPF router or switch could show large numbers of entries in its retransmission lists to certain neighbours under certain conditions (for example, in a congested Frame Relay network). In some cases, the number of items in the list was larger than the number of LSAs in the database. Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y - - - - - - - Y Y - Description This issue has been resolved. Also, a new NRL debugging option has been added to OSPF, to show additions to and deletions from the neighbour retransmission list. To enable NRL debugging, use the command: enable ospf debug=nrl Note that this option may generate large amounts of debugging output on a large OSPF network. Use it with care. To disable NRL debugging, use the command: disable ospf debug=nrl CR00012598 OSPF 3 In an OSPF NSSA, changing the router ID of the OSPF NSSA ASBR sometimes caused the area border router to behave incorrectly. This issue has been resolved. CR00012607 Switch 3 IPv6 multicast routing using the IPv6 accelerator card on an AT-9924T or AT-8948 switch sometimes caused very high CPU utilisation, even though multicast data is switched at wirespeed by the accelerator card. This issue has been resolved. Version 281-02 C613-10482-00 REV B AT-9900 AT-9800 The command show debug active displays information about currently-active debugging for many modules at once. Similarly, the command disable debug active disables debugging for many modules in a single step. AT-8948 / x900-48 3 AT-8700XL many AT-8600 CR00012708 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 24 AR400 Features in 281-01 Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y - - - - - - - Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y - - - - - This Software Version extends the list of modules that these commands act on. They now apply to all modules with debug support, except for DS3, ACC, Q931, SA, SYN, TPAD, and X25C. CR00012786 IP Gateway 3 When a link that had RIP configured on it went down, so that the router or switch used an alternative route, output from the command show ip route sometimes displayed incorrect information when the link came back up. When the link first comes back up, the route's RIP metric is still 16, so the alternative route is still the “best” route to the target. However, show ip route sometimes displayed a disabled route over the original link, with a RIP metric of 16, as the best route, even though the router or switch correctly used the alternative route. This issue has been resolved. CR00012895 IP Gateway 3 Previously, the router accepted ARP entries with multicast IP and MAC addresses when the MAC disparity feature was disabled. The MAC disparity feature is disabled by default. The issue has been resolved. The router now discards such ARP entries unless the MAC disparity feature has been enabled by using the command enable ip macdisparity. CR00012947 Log 3 When a user entered the command show log receive=ipadd mask=mask, the router or switch displayed an error message that said mask was not a valid parameter. This issue has been resolved. The mask parameter is now valid for this command. CR00013007 IPsec 3 With tunnel-mode IPsec, the router or switch decremented the time to live (TTL) of IP packets twice when it forwarded the packets through the tunnel. This issue has been resolved. Version 281-02 C613-10482-00 REV B AT-9900 AT-9800 When IP NAT or firewall NAT was used, the router or switch sometimes generated ICMP messages that specified the wrong source IP address. This meant that the response to traceroute could be incorrect. AT-8948 / x900-48 3 AT-8700XL Firewall AT-8600 CR00013048 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 25 AR400 Features in 281-01 Y Y Y Y Y - - - - - Y Y Y Y Y - - Y Y Y Y Y Y Y Y Y Y Y Y Y - - - Y Y Y Y - - - - - - - - Y - - - - - - - - - Y - - - - This issue has been resolved. CR00013049 IPv6 3 The router or switch sometimes rebooted when it processed a large number of multicast routes that were created as the result of receiving a large amount of data from more than 500 multicast groups. This issue has been resolved. CR00013085 OSPF 3 A user can configure a range on an OSPF ABR, so that the ABR aggregates the network advertisements from one area into another area in the form of summary LSAs. However, networks advertised into a transit area should not be aggregated into summary LSAs. Previously, the router or switch advertised aggregated summary LSAs into transit areas when a range had been configured. This issue has been resolved. When the router or switch is advertising into a transit area, it ignores any configured range. CR00013093 Switch 3 When traffic on a port was mirrored and that port had a learn limit set, packets from the CPU (such as ARP replies and ICMP replies) were not always mirrored. This issue has been resolved. CR00013190 Core 3 If a AT-8624PoE switch had a sticky fan, the fan constantly toggled between running at full speed and slowing down. This meant that the fan continuously generated alarms. This issue has been resolved. If the fan reports an error more than 3 times in an hour, it now remains at its maximum speed setting. CR00013202 Core 3 On the AT-8624PoE switch, a fan fault alarm was not generated when the fan speed dropped to 70% of the expected speed. This issue has been resolved. When the speed drops to 70% or less, a alarm is now generated. Version 281-02 C613-10482-00 REV B AT-9900 AT-9800 The system LED did not indicate when an internal power supply fault occurred. AT-8948 / x900-48 3 AT-8700XL Core AT-8600 CR00013243 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 26 AR400 Features in 281-01 - - Y - - - - - - - Y Y Y Y Y Y Y Y Y Y - - - - - - - Y Y - Y Y Y Y Y - - Y Y Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved. The system LED now flashes 3 times to indicate a fault. Also, output of the show system command now reports voltages more accurately. CR00013279 OSPF 3 When a user changed the OSPF priority of an interface, the router or switch did not immediately perform the process to elect a Designated Router and Backup Designated Router (BDR). This issue has been resolved. CR00013353 Switch 3 Certain BIST and AUTOBURNIN tests reported errors, especially if an IPv6 accelerator was installed. Also, if a user entered the commands disable or enable switch learning and an IPv6 accelerator was installed, the switch displayed an error message that said: “SWI ERROR: (1) swmxMacLearningSet [1] - Unable to set learning” These issues have been resolved. CR00013421 BGP 3 When a user created a BGP module trigger for the peerstate event, the router or switch did not allow specification of the script or state parameters. This issue has been resolved. All such generic parameters are now available with module-specific triggers. CR00013538 IP Gateway 3 Software Version 2.8.1 introduced a new msgtype parameter for the command add igmp filter, which enables users to filter on IGMP query, report or leave messages. This parameter was mistakenly made compulsory. Therefore, if an existing configuration script contained IGMP filters, and the router or switch restarted with that configuration, the filters did not work. This issue has been resolved. The msgtype parameter is now optional, with a default of report. Version 281-02 C613-10482-00 REV B Features in 281-01 27 AT-9900 AT-9800 When the web-based GUI is used to add or remove ports from a port-based VLAN association on an AT-9812T switch, the icons representing alternate ports faced opposite directions. AT-8948 / x900-48 4 AT-8700XL GUI AT-8600 CR00010159 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR AR400 Level 4 - - - - - - - - - Y Y Y Y Y Y - - - - - - - - - - - - Y Y - This issue has been resolved. The port icons now all have the same orientation. CR00011311 IPsec 4 In output of the commands show ipsec policy and show ipsec policy sabundle, the value for the number of bytes currently used by each SA bundle was sometimes truncated. This issue has been resolved, and both commands now display the correct number. As part of this, output of the command show ipsec policy has been modified so that the expiry limits in bytes and in seconds display on separate lines. Also, if the expirykbytes parameter of the command create or set ipsec bundlespecification was given a value higher than 4193280, the router or switch instead used a lower value. This issue has been resolved. If you specify a value above 4193280, the router or switch now displays a warning message and sets the expiry limit to 4193280 kbytes. CR00011788 IP Gateway 4 Previously the switch allowed users to specify the tag parameter when creating or modifying a blackhole route with the commands add or set ip route. However, blackhole routes cannot be tagged, so the switch did not apply the tag setting in its saved configuration. This issue has been resolved. If a command contains both the blackhole and tag parameters, the switch now returns an error message. Version 281-02 C613-10482-00 REV B AT-8948 / x900-48 AT-9900 AT-9800 The “?” help description for the enable command stated that the parameter rtelnet would “Disable the use of remote telnet to control an asyn port”. AT-8700XL 4 AT-8600 Remote Telnet AT-8800 CR00012270 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 28 AR400 Features in 281-01 Y Y Y Y - - - - - - Y Y Y Y Y - - Y Y Y Y Y Y Y - - - - - - - - - Y Y Y Y Y Y - Y Y Y Y Y Y Y Y Y Y - - - Y Y Y Y Y Y Y This issue has been resolved. The query now states that the command enable rtelnet enables remote telnet. CR00012581 PPP 4 Output of the command show ppp idletimer did not display the PPP interface name. This issue has been resolved. CR00012655 GUI 4 The web-based Graphical User Interface (GUI) did not display software QoS counters. This issue has been resolved. The counters now display correctly. To access them, select Diagnostics in the left-hand menu. CR00012755 Install, Stacking 4 If the local command show config dynamic was entered as a host-directed command, the switch gave an incorrect error message. This issue has been resolved. If you attempt to direct show config dynamic to a host, the switch now responds with the message “Command is local, do not use host direction”. CR00012774 IP Gateway, TCP 4 In an unusual network configuration where the IP subnet on one interface was a subset of that on another interface, it was possible for the results of a trace route to show erroneous information. This issue has been resolved. A search for an interface using an address within the interface's subnet now finds the most specific match for the address. CR00012824 GUI 4 Internet Explorer did not display the switch trunking summary page correctly. If the user selected a trunk group, the radio button displayed a grey image, instead of displaying a black dot inside a circle. This was only a display issue—the GUI acted on the selected trunk group correctly. This issue has been resolved. Version 281-02 C613-10482-00 REV B AT-9900 AT-9800 When the router or switch was configured as an LNS and received an incoming L2TP call that was associated with a disabled PPP interface, it produced an incorrect log message. AT-8948 / x900-48 4 AT-8700XL L2TP AT-8600 CR00012916 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 29 AR400 Features in 281-01 Y Y Y Y Y - - Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y - - Y Y Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved. CR00012946 Log 4 When a user entered the command show log receive=ipadd, information about all IP addresses was displayed unless the user also entered the mask parameter. This issue has been resolved. Specifying an IP address without a mask now limits the display to information about that IP address. CR00013086 IPv6 4 When the router or switch was running MLD and sent an MLD query packet, it incremented the OutEchos counter instead of the OutGroupMembQueries counter. This issue has been resolved. To see the OutGroupMembQueries counter, enter the command show ipv6 counter. CR00013115 IP Gateway 4 The “?” help description for the fragment parameter of the add ip interface command was unclear. This issue has been resolved. The query now states that the parameter “Decides if Do Not Fragment is obeyed for IP packet larger than MTU”. Version 281-02 C613-10482-00 REV B Features in 281-01 30 AT-9900 AT-9800 By default, when the router receives a tagged packet on an Eth or VLAN interface and bridges it, the bridge strips out the packet’s VLAN tag. This enhancement enables you to set the bridge to instead retain the tag, by using off, no or false in the new command: AT-8948 / x900-48 - AT-8700XL Bridge AT-8600 CR00012620 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR AR400 Enhancements Y Y Y - - - - - - - Y Y Y Y Y - - Y Y Y set bridge stripvlantag={on|off|yes|no|true|false} The default is on. To see whether stripping is turned on or off, use the command: show bridge and check the new StripVlantag entry. CR00012692 L2TP - The connection between the router or switch, acting as an LNS, and a third party peer, acting as an LAC, can sometimes fail during PPP link negotiation. Frequent negotiation failures can indicate a compatibility problem between the third party peer and Proxy Authentication responses from the router or switch. With this enhancement, you can now disable Proxy Authentication on the router or switch for situations where the third party equipment is not compatible. Use proxyauth=off in the command: add l2tp ip=ipadd[-ipadd] ppptemplate=0..31 [number={off|on|startup}] [pre13={off|on}] [proxyauth={off|on}] [tosreflect={off|on|false|true|no|yes}] The default for proxyauth is on. Proxy Authentication should not be disabled unless necessary. To see whether Proxy Authentication is turned on or off, use the command: show l2tp ip and check the new Proxy Authentication entry. Version 281-02 C613-10482-00 REV B AT-9800 CR00013109 AT-9900 Previously, a user could delete the preferred software release and the current boot configuration file (by using the command delete file), without first setting a new preferred release or boot configuration file. Therefore, it was possible to accidentally delete these files, which caused network disruptions if the router or switch restarted. If the router or switch restarted after the user had deleted the preferred release, it booted from the fallback software. Similarly, if the router or switch restarted after the user had deleted the current boot configuration file, it started up with no configuration. AT-8948 / x900-48 - AT-8700XL File AT-8600 CR00012850 AT-8800 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 31 AR400 Features in 281-01 Y Y Y Y Y Y Y Y Y Y - - - Y Y Y Y Y Y - This enhancement ensures that users can no longer delete the preferred software release or the current boot configuration file. If you want to delete the files without specifying new preferred files, first use the commands delete install=pref or set config=none to stop the files from being preferred. CR00012857 Core, SNMP, Stack - CR00011277 Stacked devices are now SNMP accessible through a single IP address. The MIB Object stackSnmpHost (at-stack.mib) is used to determine which stacked device is currently responding to SNMP Requests. By setting the value of stackSnmpHost, an SNMP manager can chose any one of the stacked switches to poll. After a new value is set successfully, a new SNMP agent is chosen. On SNMP V1 and V2c operations, the new agent is immediately ready to talk to the manager. On SNMP v3 operations, the manager needs to re-run engine discovery to re-synchronize the agent and manager. Traps and notifications from stacked devices now include an extra object called hostID, which gives the value of the switch’s host ID. This identifies which stacked switch produced the trap or notification. CR00013394 Switch - New AT-8600 Series switches are now ROHS compliant (lead free). This enhancement ensured that the new ROHS compliant 1 gigabit uplink ports are fully supported on AT-8648T/2SP switches. - - - - - Y - - - - CR00013584 Core - On AT-8624PoE switches, a new 7000 rpm fan is now supported. - - - - - Y - - - - Version 281-02 C613-10482-00 REV B